Equifax Website Hacked Again with Malware Flash Redirect

Credit reporting giant Equifax which suffered the ignominy of exposing the personal data of nearly 150 million people has been hacked again.

First noticed by security researcher Randy Abrams, an independent security analyst, the compromise sees the browser redirect the user from Equifax’s website to a website offering a faux Flash update riddled with malware. Abrams was visiting the website to contest what he saw was false information on his credit report, when his browser redirected to a page offering a flash update.

A closer look revealed that the website was indeed compromised, with attackers luring Equifax visitors into installing a strain of malware called Adware.Eorezo, a drive-by campaign.

Hijacking webpages are a common tactic by malicious hackers to target visitors. Abrams tried accessing the website multiple time where he encountered the fake Flash download link pop-up on three subsequent visits. The researcher was able to capture the compromise below wherein the Equifax page redirected the browser to several domains before opening the Flash download at the original page. The file turned out to be an adware named ‘mediaDownloaderIron.exe.

Abrams was unable to reproduce the redirects subsequently, according to ArsTechnica. It’s entirely possible that Equifax moved to clean up its website or that attackers could have paused their driveby payload temporarily before resuming at a later time.

If Equifax really was compromised, again, it will be another blow to the embattled company whose CEO stepped down after the infamous data breach of social security numbers and other personal information of 145.5 million Americans last month.

Image credit: Pixabay.